A Model of Information Security Governance for E-Business

Abstract

This chapter identifies various levels of governance followed by a focus on the role of information technology (IT) governance with reference to information security for today’s electronic business (e-business) environment. It outlines levels of enterprise, corporate, and business governance in relation to IT governance before integrating the latter with e-business security management. E-business has made organisations even more reliant on the application of IT while exploiting its capabilities for generating business advantages. The emergence of and dependence on new technologies, like the Internet, have increased exposure of businesses to technology-originated threats and have created new requirements for security management and governance. Previous IT governance frameworks, such as those provided by the IT Governance Institute, Standards Australia, and The National Cyber Security Partnership, have not given the connection between IT governance and e-business security sufficient attention. The proposed model achieves the necessary integration through risk management in which the tensions between threat reduction and value generation activities have to be balanced.